Categories

Notice:

We've recently performed some software upgrades to both cPanel and the Client Area that has resulted in some of the KB articles appearing outdated and obsolete. We are working to update and/or remove the affected articles but this may take some time. We appreciate your patience!

allow_url_fopen

If you get an error like this one: URL file-access is disabled in the server configuration, this is because of a setting on the server.

We have disabled the use of allow_url_fopen in the default php version for security reasons. This is for your own protection.

If enabled, allow_url_fopen allows PHP's file functions -- such as file_get_contents() and the include and require statements -- can retrieve data from remote locations, like an FTP or web site. Programmers frequently forget this and don't do proper input filtering when passing user-provided data to these functions, opening them up to code injection vulnerabilities. A large number of code injection vulnerabilities reported in PHP-based web applications are caused by the combination of enabling allow_url_fopen and bad input filtering.

A simple work around is to use curl to retrieve the data and then process it locally. An example is below:

How can I use composer?

If you require the use of allow_url_fopen for using composer or other scripts, you will need to enable an alternate version of PHP as shown in this article, you'll also need to add an alias to your .bashrc file. You also need to enable allow_url_fopen on the php options screen as show in this article as it is disabled by default.

/home/user/.bashrc

Connect to the server via ssh and use your favorite editor to modify your .bashrc file.

alias php='/opt/alt/php54/usr/bin/php'

This assumes you want to use php 5.4, be sure to replace php54 with the version you choose on the selector screen.Be sure to logout of SSH and log back in to make this change.